Download as pdf or txt
Download as pdf or txt
You are on page 1of 66

Junos Fundamentals Series


Its day one and you have a job to

do. Start using the Junos CLI today.
In this Day One booklet youre just
a few hours away from modifying,
saving, and loading configuration
files on your Junos device.

By Cathy Gadecki and Michael Scruggs

Junos Fundamentals Series


Day One: Exploring the Junos CLI

This book is for rst-time users of the Junos opoerating system and Juniper Networks products.
It not only lays the foundation for learning Junos, it also facilitates understanding of subsequent
booklets that appear in the Day One series.
The Junos CLI provides you with new tools, shortcuts, and safeguards. Learn about these
new features and save yourself hours at the keyboard. The practical Day One format offers
straightforward explanations, step-by-step instructions, and lots of examples. And, the Try It
Yourself sections let you practice what you just read.

Clear, concise, yet with enough technical detail to allow users new to
Juniper Networks gear to complete the desired tasks on day one and
allow more advanced users to have a handy cheat sheet for those tasks
that they may not perform everyday. These guides are essential tools
for all who use Juniper Networks equipment.

Day One: Exploring the Junos CLI shows you how to:
Navigate the CLIs operational mode and configuration mode.
Understand the hierarchies that underlie each mode.
Get onboard help and use keyboard shortcuts to speed up your work.
Show device status, alarms, and other helpful information in operational mode.
Modify, save, and load configuration files with minimal risk to operations.
Use basic configuration mode commands such as show, set, and delete.
Capitalize on the safety features of the Junos operating system commit model.
Prepare system changes in advance.
Use the shortcuts and tips of experienced users and avoid common problems.

Juniper Networks Day One booklets provide just the information you need on day one. They are
written by subject matter experts and engineers who specialize in getting networks up and running.
Look for other titles covering high-performance networking solutions at
This book is available in both PDF and printed formats.


Junos Fundamentals Series

Day One: Exploring the Junos CLI

By Cathy Gadecki and Michael Scruggs

Chapter 1: Introducing the CLI. . . . . . . . . . . . . . . . . . . . . . . 7

Chapter 2: Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . 13
Chapter 3: Understanding Operational Mode . . . . . . . . . .


Chapter 4: Discovering Configuration Mode . . . . . . . . . . . . 37

Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63


2009 by Juniper Networks, Inc. All rights

reserved. Juniper Networks, the Juniper Networks
logo, JUNOS, NetScreen, and ScreenOS are
registered trademarks of Juniper Networks, Inc. in
the United States and other countries. JUNOSe is a
trademark of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks,
or registered service marks are the property of
their respective owners.

About the Authors

Cathy Gadecki is a Senior Product Marketing
Manager at Juniper Networks responsible for
JUNOS Software. Her publications include coauthoring JUNOS for Dummies, a practical guide
to JUNOS Software.
Michael Scruggs is a Technical Publications
Manager at Juniper Networks.
Authors Acknowledgments

Juniper Networks assumes no responsibility for

any inaccuracies in this document. Juniper
Networks reserves the right to change, modify,
transfer, or otherwise revise this publication
without notice. Products made or sold by Juniper
Networks or components thereof might be covered
by one or more of the following patents that are
owned by or licensed to Juniper Networks: U.S.
Patent Nos. 5,473,599, 5,905,725, 5,909,440,
6,192,051, 6,333,650, 6,359,479, 6,406,312,
6,429,706, 6,459,579, 6,493,347, 6,538,518,
6,538,899, 6,552,918, 6,567,902, 6,578,186, and
Published by Juniper Networks
Printed in the USA by
Editor: Nancy Koerbel
Literary Management: Ames & Eames, Inc.
Revision: v3 September 2009

The authors want to thank the many people who

assisted us in creating this book. Our literary
manager, Patrick Ames, provided abundant
publishing expertise in dening the Day One series
and developing this rst booklet. Nancy Koerbel
assisted by editing our writing. Susan
Harris helped in researching and drafting early
editions of this book. Jonathan Looney and
Michael Bushong provided examples and exercises
along with their extensive expertise. Jeff Mattan
assisted with promotions. And the numerous
contributing writers to Juniper Networks
Technical Publications and Juniper Networks
Education Services who provided us with reference
materials, descriptions, and examples. We would
also like to thank Michelle Bhatia and Bernadette
Willis for their helpful support.
Thank you Nancy Kurahashi for her comments
that were incorporated in this version 3.


Welcome to Day One

Day One booklets help you to get started quickly in a new topic with
just the information that you need on day one.
They are designed to provide straightforward explanations, step-bystep instructions, and many detailed examples that are easy to follow.
The Try It Yourself sections let you practice commands, congurations, and other steps on your own at your laptop or terminal. Look
for margin tips along the way, including best practices, alerts, short
cuts, tips, and notes.

Why Day One Booklets?

Its a simple premise you want to use your Juniper equipment as
quickly and effectively as possible. You dont have the time to wade
through all the documents that are available to you. You may not even
know where to start. All you want to know is what to do on day one.
The JUNOS Software Fundamentals Series allows you to get right to
it, one booklet at a time.

Show Me
With a focus on doing, Day One booklets include lots of examples for
your inspection. Try these examples yourself, if you choose. The
examples show screen output in a xed-width font with the commands
that you enter in boldface.

Before You Begin

To access the JUNOS CLI, you must rst have access to the device
itself, either through the out-of-band console port or the in-band
management port. As each network is different, it is beyond the scope
of this booklet to walk you through the process of logging in to
deployed equipment. So before attempting to log in, you need to
understand how your network is set up or have physical access to the
If you need information on accessing your device, see the Quick Start
guide for your product at


What this Booklet Offers You

Day One: Exploring the JUNOS CLI will help you to understand the
commands and mechanics of the command-line interface. Subsequent
booklets in the JUNOS Software Fundamentals Series will leverage
this understanding and help you complete the set up of your devices to
run in your network.
When youre done with this booklet, youll be able to:
P Navigate the CLIs operational mode and conguration mode on
any device run by JUNOS Software.
P Understand the hierarchies that underlie each mode.
P Get onboard help and use keyboard shortcuts to speed up your
P Show device status, alarms, and other helpful information in
operational mode.
P Modify, save, and load conguration les with minimal risk to
P Use basic conguration mode commands such as show, set, and
P Capitalize on the safety features of the JUNOS Software commit
P Prepare system changes in advance.
P Use the shortcuts and tips of experienced users and avoid common

What You Need to Know Before Reading

Day One: Exploring the JUNOS CLI lays the foundation for learning
JUNOS Software and understanding later Day One booklets that
appear in the JUNOS Software Fundamentals Series.
Day One: Exploring the JUNOS CLI is for rst-time users of JUNOS
or Juniper Networks products, but it is written so that it might also
serve as a reference or refresher for more experienced JUNOS administrators.
An understanding of basic networking concepts will be helpful as you
work your way through these pages.

And How to Give Us Feedback

Do you have a comment or a great idea that might work as a Day One
booklet? Wed like to hear your constructive comments and critiques.
Please, if you have time, drop us an email at


Jump In!
And for those of you with no patience... Go ahead and jump ahead to
your own path of discovery on your new JUNOS device (in the
factory-default conguration) by using these four steps.

Step 1: Connect

Connect your management PC to the console port of your new

Juniper device using a null-modem or rollover cable, turn on the
PC and start its terminal emulation program, and then power up
the Juniper box.

Step 2: Log In

At the login prompt, enter root and at the password prompt

press Enter. What it looks like with user input in bold:
host (ttyd0)
login: root

Step 3: Enter the CLI After you are authenticated, you enter the UNIX shell. To get to

the CLI from the prompt, enter cli. What it looks like with user input
in bold:
root@Amnesiac% cli

Step 4: Explore

Youre now in the operational mode of the command-line interface.

Enter a question mark anywhere in the command hierarchy, and
youll immediately see a list of possible entries. Go ahead and try
it, enter ?.
See that? Its the list of the valid commands at the top of the operational mode hierarchy. You can also use the question mark to nd out the
valid possibilities to complete a command. For example:
user@Amnesiac > show i?

Displays all the possible show commands that start with the letter i.
Look around ... see what else you can discover. What happens when
you enter configure ?

Chapter 1
Introducing the CLI
Outlining the Command Modes . . . . . . . . . . . . . . . . . . . . .8
Understanding Operational Command Hierarchies . . . . . 9
Understanding Conguration Statement Hierarchies . . . .10

Day One: Exploring the JUNOS CLI

The command-line interface (CLI) is the software interface used to

access your device. From here you congure the platform, monitor its
operations, and adjust the conguration as needed.
If youve operated other networking devices, the JUNOS CLI should
seem familiar, but you will also quickly notice that there are some new
and different commands. No need to fret. These changes provide a rich
set of new tools and safeguards that help you efciently manage your
network and maintain high uptime.
The command-line interface includes lots of shortcuts and commands
to get help. Master these shortcuts and commands, and youll spend
much less time pounding away on your keyboard. With just a little
effort, youll soon learn why so many people say that JUNOS saves
them time (often lots of it), reduces repetitive tasks, and helps them to
avoid mistakes.
If youd prefer to use a web GUI rather than the CLI, take a look at JWeb, the powerful web-based management interface available on
JUNOS devices. J-Web lets you perform the same actions available in
the command-line interface. It provides practical tools to monitor,
congure, troubleshoot, and manage your device.
MORE? Go to the J-Web technical documentation for your device at www.

Outlining the Command Modes

The rst step to exploring the JUNOS CLI is to understand its two
command modes:
n Operational mode: manage and monitor device operations. For
example, monitor the status of the device interfaces, check chassis
alarms, and upgrade and downgrade the devices operating
n Conguration mode: congure the device and its interfaces. These
include user access, interfaces, protocols, security services, and
system hardware properties.

Chapter 1: Introducing the CLI

Top Level Mode

2nd Level Modes

3rd Level Modes

Figure 1.1

Hierarchical Structure of the JUNOS CLI Modes

The JUNOS CLI structures the activities of each mode into hierarchies,
as illustrated in Figure 1.1. The hierarchy of each mode is made up of
cascading branches of related functions commonly used together.
The structured hierarchy of the command-line interface is one of the
many distinctive aspects of the JUNOS CLI preferred by users. By
logically grouping activities, the JUNOS CLI provides a regular,
consistent syntax helpful for knowing where you are, nding what you
want, moving around the interface, and entering commands.

Understanding Operational Command Hierarchies

When you rst log in to the CLI, the command-line interface is at the
top level of the CLIs operational mode.
On the next page, Figure 1.2 provides a view of the CLIs tree structure
from the top of the operational mode, with an example of its cascading
hierarchy through the show command. For example, the show
configuration hierarchy includes access, chassis, firewall, groups,
etc. The structured grouping of commands makes it easy to move
quickly up and down the hierarchical path or to a specic function
anywhere in the CLI.


Day One: Exploring the JUNOS CLI





Figure 1.2






















Top of the Operational Mode Tree


The top level of each hierarchy is much like the top of the UNIX
lesystem (\), and both the operational mode and conguration mode
hierarchies are similar to the directory structure on UNIX systems, PCs,
and Macs. Youll learn more about the operational mode in Chapter 3.

Understanding Conguration Statement Hierarchies

Conguration mode has a hierarchical structure logically grouping
related conguration statements. This structure eases conguration
setup, review, and modication by allowing you to more readily nd
and view related statements. Figure 1.3 illustrates a portion of the conguration tree, with nodes such as system and interfaces at the second
level of the hierarchy.



accounting archival


Figure 1.3


















Top of the Conguration Mode Tree



Chapter 1: Introducing the CLI

The conguration statement hierarchy includes two types of statements:

n container statements: contain other statements; that is, they have
subordinate conguration levels
n leaf statements: do not contain other statements; they are at the
end of a particular hierarchical path

Conguration Syntax
The command-line interface displays the hierarchy of the
conguration mode through specic syntax. The following example
highlights what you need to know to read a JUNOS CLI conguration
system {
services {

1. The [edit] banner indicates the starting hierarchy level of the

2. The CLI shows the hierarchy of the conguration by indenting each
subordinate level.
3. The CLI indicates container statements with open and closed curly
braces ({ }). In the above example, system and services are cascading
container statements.
4. The CLI indicates leaf statements with a semicolon (;). In the
above example, ftp; is a leaf statement.

Although the organizational structure within the conguration is

similar to C or other programming languages, you do not need to
understand programming to understand the conguration le. It
simply is an outline view (remember English class) of the conguration. Once you understand how the outline view works, you will nd
that the conguration is very easy to read and navigate.



Day One: Exploring the JUNOS CLI

Conguration Command Banner

You can always determine where you are in the conguration
hierarchy by referring to the conguration command banner, shown as
the [edit] banner in the example above. When you are in deeper
levels of the hierarchy, the [edit] banner displays the entire
hierarchical path. For example, the banner [edit system services]
indicates a place of the hierarchy lying within services at the third
level, within system at the second level, and within the root rst level.
Thus, the following two conguration statements for the FTP service
are equal. In the rst, you are looking at the statement from the root
level of the hierarchy; and so the ftp; statement is shown in this listing
within the system and services container statements.

system {
services {

In the second example, you are viewing the ftp; statement from
deeper within the hierarchy, specically within the system and
services hierarchies. Because you are deeper within the hierarchy, the
command-line only displays the ftp; statement.
[edit system services]

The exibility to work at a specic sublevel in the hierarchy is helpful

when you want to focus on just a small portion of the conguration.
Youll learn to navigate through the conguration hierarchy in
Chapter 4.
But for now, lets get started using the CLI. Its fast, its easy, and you
cant get lost, because youre using JUNOS Software.

Chapter 2
Getting Started
Logging In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Switching Between Operational & Conguration Modes .15
Using Keystroke Shortcuts . . . . . . . . . . . . . . . . . . . . . . . .15
Getting Help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Filtering Output with the Pipe Command and More . . . . . 21
Working With Shells . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Logging Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27


Day One: Exploring the JUNOS CLI

If you have access to a device in a lab or other nonoperational environment, follow along with the examples on these pages while exploring
the CLI. You can enter the commands and examples on your device as
well as practice your new skills by using our Try It Yourself segments.
To access the CLI, you must connect to the device and then log in. If
you need help connecting to your device and logging in, see the Quick
Start for your product or go to the URL mentioned below. Before
logging in to explore the CLI, you need to understand how your
network is set up or have physical access to the device.
The instructions in this Day One booklet also assume that the devices
management console has already been congured, and you can log in
to the device using a pre-designated user name and password through
the management console. This is the standard and recommended
method for accessing the CLI on your device.

For information on accessing the device out of the box, see the Quick
Start guide for your product at

Logging In
To access the management port from a networked device:
1. Open a command window.
2. If necessary, log in to the gateway server with direct access to the
JUNOS device.
telnet gatewayserver
user: username
password: password

Oftentimes, the routers, switches, and security devices are on a

subnet behind a gateway router that prevents unauthorized access
to these devices.
3. Log in to the device.
telnet routername
user: username
password: password

If the devices IP address is managed by a DNS server, you can

simply log in using the designated domain name. Otherwise, you
can log in using the unique IP address of the management port.

Chapter 2: Getting Started

Switching Between Operational and Conguration Modes

As you monitor and congure a device, you need to switch between the
operational mode and the conguration mode. When you change to
conguration mode, the command prompt also changes. The operational mode prompt is a right angle bracket (>). The conguration
mode prompt is a pound sign (#).
To switch from operational mode to conguration mode, issue the
configure command:
mike@juniper1> configure

SHORT CUT When issuing the configure command, simply type co. Since no other

command starts with those two letters, the CLI will recognize the
command and autoll the rest of the command for you.
To exit back to operational mode, issue the exit
command, or even shorter, the exit command.


mike@junper1# exit

NOTE Keep in mind that if you made conguration changes, you must

commit these changes before exiting conguration mode for them to

take effect, which is covered in Chapter 4.

Using Keystroke Shortcuts

The JUNOS CLI offers numerous ways to save keystrokes when using
the command line, including keyboard sequences and command
All standard UNIX keyboard shortcuts are available to you when you
are logged in to the JUNOS device. This is true whether you are in one
of the shells, or in the CLI. These shortcuts offer options to shorten
keystrokes. It may take a few days for shortened keystrokes to become
second nature; however, once you have the muscle memory, these
shortcuts can save you lots of typing time.
The CLI stores every entered command in its command history. At any
command prompt, the up and down arrow keys let you scroll through
this history (on a VT100 terminal type). You can reuse commands that
you previously entered, or modify them as needed. Keyboard sequences can save you much time, for example, when you are conguring
similar items on the device, or you are repeating operational commands, such as when you are debugging an issue.



Day One: Exploring the JUNOS CLI

SHORT CUT Use these time-saving keyboard shortcuts:

Go to next in command history

Down arrow or Ctrl+n

Go to previous in command history

Up arrow or Ctrl+p

Go to beginning of line


Go to end of line


Go left one character


Go right one character


Go forward one word


Go backward one word


Delete character over cursor


Delete word after cursor


Delete word before cursor


Delete text from the cursor

to end of the line


Delete the line


Paste the deleted text at cursor


Command Completion
The CLI provides command completion to further speed your typing in
both modes. Command completion automatically nishes partially
typed commands, lenames, and user names, so you dont need to
recall the exact syntax of the desired input string. Command completion is a big help to new users, easing their transition to the new
command-line interface.
The spacebar completes most CLI commands. The tab key not only
completes CLI commands, but also lenames and user-dened variables such as policy names, community names, and IP addresses. When
the completion of the command or argument is ambiguous, pressing
the spacebar or tab key lists the possible completions:
mike@juniper1# show i<space>
i is ambiguous
Possible completions:

Chapter 2: Getting Started



Internet Group Management Protocol

Interface Key Exchange Information
Interface Information
IP Security Information
Intermediate System-to Intermediate

SHORT CUT Common abbreviations from other operating systems, such as sh int,

are available in JUNOS Software. For example mike@juniper1>

sh<space>ow int<enter>.

Try It Yourself: Using the Spacebar and Tab Key

Enter the following commands, using the spacebar to complete them:
sh<space>ow ro<space>ute
sh<space>ow ch<space>assis h<space>ardware
sh<space>ow conf<space>iguration
cl<space>ear rip s<space>tastics
res<space>tart ro<space>uting g<space>racefully

Getting Help
The JUNOS CLI includes several options for getting help any time
youre not sure what to do, or if you just want to double-check your
memory. Everyone uses the CLIs comprehensive system of online help,
even the experts whove been working with Juniper devices for years.

Context-Sensitive Help
Query the command line with the question mark (?) character at any
level of the operational or conguration hierarchies for a list of
available commands and a short description of each. Typing a partial
command and ? provides a list of all the valid ways to complete your
command. Using ? in either of these ways is known as context-sensitive
help in JUNOS lingo:
[edit system]
mike@juniper1# set s?
Possible completions:
> services

Save context information for core files

Number of saved core files per executable (1..64)
System services



Day One: Exploring the JUNOS CLI

> static-host-mapping
> syslog

Static hostname database mapping

System logging facility

Try It Yourself: Getting help with a question mark

Display possible completions for the following commands in operational mode:
show ?
show chassis ?
show interfaces ?
show system ?
request ?
request support ?
restart ?
ping ?
traceroute ?

Display possible completions for the following partially entered commands:

s ?
show i ?
request system s ?
restart s ?

For commands that require a lename as an argument, the question

mark lists the les in the working directory:
mike@juniper1> request system license add ?
Possible completions:
<filename> Filename (URL, local, remote, or floppy)
Size: 19701, Last changed: Feb 23 21:56:52
Size: 1835, Last changed: Apr 09 09:51:57
Size: 1215, Last changed: Feb 16 13:07:49
Size: 1135, Last changed: Apr 09 11:05:16
Use login terminal

Specifying a path lists the les in that directory:

mike@junper1> request system license add /cf/ ?
Possible completions:
Execute this command
Filename (URL, local, remote, or floppy)
Last changed: Apr 16 11:08:56
Last changed: Apr 08 2004
Last changed: Apr 30 08:40:09
Size: 32797835, Last changed: Apr 15
/cf/kernel.old Size: 32715591, Last changed: Nov 09
Last changed: Nov 09 02:08:43
/cf/packages/ Last changed: Apr 16 11:08:57

Chapter 2: Getting Started







Onboard Documentation
When you want more information than what is provided by contextsensitive help, turn to the JUNOS Software technical documentation
on your device through the help commands. Juniper loads documentation on new devices and includes it as a part of new upgrade builds.
The help les are divided into ve major categories. You can access
these les in both operational and conguration modes:
n help apropos: displays help about a text string contained in a
statement or command name
n help reference: provides assistance with conguration syntax by
displaying summary information for the statement
n help syslog: displays information on specic syslog events
n help tip: provides random tips for using the CLI
n help topic: displays usage guidelines for conguration statements
When requesting help, follow each of the above commands with the
string or topic for which youre seeking information.
The Help Apropos Command
The help apropos command is useful whenever you remember a
portion of a command but not the full statement. The command looks
for all matches in statement or command names as well as help strings
that are displayed for these:
mike@junper1# help apropos host-name
set system host-name <host-name>
Hostname for this router
set system static-host-mapping <host-name>
Fully qualified name of system
set system services dhcp static-binding <mac-address> host-name <host-name>
Hostname for this client
set system syslog host
Host to be notified
set interfaces <interface_name> services-options syslog host <host-name>
Name of host to notify



Day One: Exploring the JUNOS CLI

set accounting-options routing-engine-profile <profile-name> fields host-name

Hostname for this router
set services l2tp tunnel-group <name> syslog host <host-name>
Name of host to notify
set services service-set <service-set-name> syslog host <host-name>
Name of host to notify

If the string contains spaces, enclose them in quotation marks (" ").
The Help Topic Command
Use the help topic command to learn about the usage guidelines for a
specic conguration statement:
mike@juniper1> help topic interfaces address ?
Configuring the Interface Address
You assign an address to an interface by specifying the address when configuring the
protocol family. For the inet family, you configure the interfaces IP address. For the
iso family, you configure one or more addresses for the loopback interface. For the
ccc, tcc, mpls, tnp, and vpls families, you never configure an address.

The Help Reference Command

After learning about what a certain command does and when to use it,
you can view the actual syntax and possible options using the help
reference command. Using the same example:
mike@juniper1> help reference interfaces address
address address {
arp ip-address (mac | multicast-mac) mac-address <publish>;
broadcast address;
destination address;
destination-profile name;
multipoint-destination address dlci dlci-identifier;
Hierarchy Level

[edit interfaces interface-name unit logical-unit-number family family],

[edit logical-routers logical-router-name interfaces interface-name unit
logical-unit-number family family]
Configure the interface address.

Chapter 2: Getting Started


The help reference command is similar to UNIX manpages as well as

to the manual command seen on other operating systems.

Syntax Help
Rather than waiting until you hit return at the end of a conguration
statement, JUNOS Software checks syntax word-by-word. Every time
you enter a word into a line and press the spacebar, the CLI determines
if each term is a valid command component and whether it is being
used properly. If it nds a mistake, the CLI requests correction.
Additionally, JUNOS Software checks for omitted statements required
at a particular hierarchy level whenever you attempt to move from that
hierarchy level or when you issue the show command in conguration
mike@juniper1# show
protocols {
pim {
interface so-0/0/0 {
priority 4;
version 2;
# Warning: missing mandatory
statement(s): 'mode'

Filtering Output with the Pipe Command and the More Prompt
You can change how the CLI displays output with the pipe | character
and the more prompt.

The Pipe Character

The pipe | character lets you lter output in both operational and
conguration modes. Pipe makes it possible to display specic information in a single command step, sending the output of one command
as input to another, or redirecting the output to a le. The output of the
command to the left of the pipe symbol serves as input to the command
or le to the right of the pipe.



Day One: Exploring the JUNOS CLI

You can query the CLI to nd valid ways to pipe a command, as in this
operational mode listing:
mike@juniper1> show route | ?
Possible completions:
Count occurrences
Show additional kinds of information
Show only text that does not match a pattern
Search for first occurrence of pattern
Hold text without exiting the --More-- prompt
Display end of output only
Show only text that matches a pattern
Dont paginate output
Make system-level requests
Resolve IP addresses
Save output text to file
Trim specified number of columns from start of line

Using pipes
The following examples from a congured device further demonstrate
ways that pipe can help you to ne-tune commands.
Filter command output to a le
Create a le that stores the output of the request support information
command of the operational mode by piping its output to a <filename>:
mike@juniper1> request support information | save <filename>
Wrote 1143 lines of output to filename


See the section Using the File Commands in Chapter 3 to learn about
accessing the created le.

Display additional and hold information

You can request that a listing include additional information or that the
CLI hold information:

| count:

gives the number of lines in the output:

mike@juniper1> show interfaces terse | count

Count: 22 lines

| display detail: provides additional information about the

contents of the conguration (available only in conguration mode)

Chapter 2: Getting Started

| display xml:

shows the output in XML format

mike@juniper1> show cli directory | display xml

<rpc-reply xmlns:junos=


Its useful to display output in XML when exchanging conguration

and state information with other systems. The XML output is formatted in the standard Remote Procedure Call (RPC) format.

| hold:

retains the output in the buffer until cleared

Constrain command output

The most common way to use the pipe | symbol is to constrain the

| match: specify exactly what information you want to display:

mike@juniper1 > show configuration | match atat-2/1/0 {

at-2/1/1 {
at-2/2/0 {
at-5/2/0 {
at-5/3/0 {


Match is equivalent to the UNIX grep command.

| except: displays output that ignores a specic string:

mike@juniper1> show system users | except root

8:28PM up 1 day, 13:59, 2 users, load averages:
0.01, 0.01, 0.00
sheep p0 7:25PM - cli

| find: displays the output starting at the rst occurrence of the

matching text:



Day One: Exploring the JUNOS CLI

mike@juniper1>show ethernet-switching interfaces detail | find Index: 80

Interface: ge-0/0/16.0 Index: 80
State: down
blocked - blocked by STP
Interface: ge-0/0/17.0 Index: 81
State: down


blocked - blocked by STP

| last: provides only the last screen of the listing

When using find or match, you must enclose spaces, operators, or

wildcard characters that are a part of the search term in quotation
Multiple Pipes
JUNOS Software sees multiple pipes as a logical AND, only displaying
the output that matches all entered pipes. You can enter different pipe
commands, as well as the same pipe command, multiple times. For
example, to count how many fast Ethernet interfaces are congured
within the active conguration:
mike@juniper1> show interfaces terse | match fe- | count
Count: 12 lines

As another example, use the same pipe command on a single line to

show all routes that include the 10.0 string with a /32 subnet mask:
mike@juniper1> show route | match /32 | match 10.0
*[Local/0] 03:18:28
*[Local/0] 03:20:49
*[Local/0] 08:54:55
*[Local/0] 08:57:26

The <more> Prompt

The command-line interface automatically paginates output. The CLI
settings determine the length for your user account, with the typical
setting at 24 lines. When the device stops at a page break, the command-line interface displays the <more> prompt and shows the amount

Chapter 2: Getting Started

of displayed output as a percentage of all the content available for

display. You can press the h key at any <more> prompt to see a list of
display options, such as moving forward and backward in the output,
searching, and saving:
mike@juniper1> show ethernet-switching interfaces detail
Interface: ge-0/0/0.0 Index: 64
State: down
blocked - blocked by STP
*// Data Deleted From Example //*
Interface: ge-0/0/12.0 Index: 76
State: down

blocked - blocked by STP

---<more>--- h
---(Help for CLI automore)--Clear all match and except strings:
c or C
Display all line matching a regexp
m or M <string>
Display all lines except those matching a regexp: e or E <string>
Display this help text:
Dont hold in automore at bottom of output:
Hold in automore at bottom of output:
Move down half display:
TAB, d, or ^D
Move down one line:
Enter, j, ^N, ^X, ^Z, or Down-Arrow
Move down one page:
Space, f, ^F, or Right-Arrow
Move to bottom of output:
G, ^E, or End
Move to top of output:
g, ^A, or Home
Move up half display:
u or ^U
Move up one line:
k, Delete, Backspace, ^P, or Up-Arrow
Move up one page:
b, ^B, or Left-Arrow
Quit automore:
q, Q, ^K
Redraw display:
^L or ^R
Repeat a keystroke command 1 to 9 times:
Repeat last search:
Save output to a file:
s or S <filename/url>
Search backwards thru the output:
Search forwards thru the output:
---(End of Help)---


The set cli screen-length command modies the number of displayed lines. Alternatively, you can display the entire output by adding
the pipe | no-more as part of your command.



Day One: Exploring the JUNOS CLI

Working with Shells

A shell normally refers to any command-line interface used on a UNIX
or UNIX-like operating system. These interfaces interpret high-level
commands into low-level instructions that the device can use. When
you log in to a JUNOS device, you are placed into one of two shells:
the C shell or the CLI in operational mode.
The following shells are available:


Command Prompt

C shell

Bourne shell


mike@juniper1> (operational mode)

mike@juniper1# (conguration mode)

You can navigate from one shell to another by issuing the proper
command. This command spawns a new instance of that shell and
places you into that instance. For example, while in the CLI operational mode, you can spawn a new C shell interface by issuing the start
shell command.

When you log out of the device be sure to exit each of the shells you
entered during your session.

Logging In to the CLI

To log in to the CLI interface, issue the cli command at any shell
% cli

The CLI always opens in operational mode.

Logging In to the C Shell

To log in to the C shell interface from the CLI in operational mode,
issue the start shell command:

Chapter 2: Getting Started

mike@juniper1> start shell

To log in to the C shell interface from the CLI in conguration mode,

issue the run start shell command:
mike@juniper1# run start shell


The run command allows you to issue CLI operational mode commands while in conguration mode. Just add the keyword run before
any operational mode command that you want to execute while you
are inside the conguration mode.
To log in to the C shell interface from the Bourne shell interface, issue
the csh command.
$ csh

Logging In to the Bourne Shell

To log in to the Bourne shell interface from the CLI in operational
mode, issue the start shell command:
mike@juniper1> start shell

To log in to the C shell interface from the CLI in conguration mode,

issue the run start shell sh command:
mike@juniper1# run start shell sh

To log in to the C shell interface from the C shell interface, issue the sh
% sh

Logging Out
When logging out, you must log out of each shell you have opened
before you can log out completely from the device. Thus if you log in
to the device and are placed in the CLI operational mode and then you
enter the CLI conguration mode, you need to exit out of both shells.
When its time to take a break, you must log out of each shell you have
opened before you log out comletely from the device. When you are
completely logged out of the device, you will receive the message:
Connection closed by foreign host.
mike@junper1> exit



Day One: Exploring the JUNOS CLI

Connection closed by foreign host.


If youre in conguration mode and want to log out, exit your conguration session to enter operational mode:
[edit protocols ospf]
mike@juniper1# exit configuration-mode
Exiting configuration mode
mike@juniper1> exit
Connection closed by foreign host.


Protect the security of your device by logging out if you have no

reason to be logged in or when you are away from your terminal, even
for a few minutes. This prevents someone else from sitting down at
your workstation and inadvertently (or deliberately) accessing the

Chapter 3
Understanding Operational Mode
Looking at Operational Mode . . . . . . . . . . . . . . . . . . . . . 30
Showing Device Status . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Managing Basic Operations . . . . . . . . . . . . . . . . . . . . . . .33
Using the File Commands . . . . . . . . . . . . . . . . . . . . . . . . 34
Managing the Operating System Software . . . . . . . . . . . .35


Day One: Exploring the JUNOS CLI

Operational mode provides commands for monitoring, managing, and

maintaining your device. You can nd out the status of your device,
administer diagnostics, and perform other operational tasks, as well as
manage the software running the device.
Key operational mode capabilities include:
n Monitoring and troubleshooting the device
n Connecting to other network systems
n Restarting software processes
n Entering conguration mode
n Displaying the conguration
n Controlling the CLI environment
n Performing system-level operations such as stopping and rebooting the device and loading JUNOS Software images
JUNOS Software provides an extensive set of on-board instrumentation capabilities for gathering critical operational status, statistics, and
other information. These tools deliver advance notication of issues
and speed problem solving during events.
As part of your conguration setup you can specify the types of events
to track, the event severity, and the les in which to store the data,
among other options. Juniper devices come with sufcient processing
power to collect and store critical operational data, including SNMP
management, system logging, and traceoptions that help you to
understand how the box operates in normal conditions and where,
when, and why changes occur.

Find out more about conguring basic monitoring functions for your
device in the upcoming booklets of the JUNOS Software Fundamentals Series. Download new titles as they become available at www.

Looking at Operational Mode

Explore operational mode from the top level of its hierarchy. Heres a
truncated listing of its most commonly used commands:

Chapter 3: Understanding Operational Mode

mike@juniper1> ?
Possible completions:
Clear information in the system
Manipulate software configuration information
Perform file operations
Provide help information
Show real-time debugging information
Ping remote target
Exit the management session
Make system-level requests
Restart software process
Set CLI properties, date/time, craft interface message
Show system information
Start secure shell on another host
Start shell
Telnet to another host
Perform diagnostic debugging
Trace route to remote host

Showing Device Status

Operational mode provides a large group of show commands to
display status and statistics for just about everything on the device:
mike@juniper1> show?
Possible completions:
Show accounting profiles and records
Show Automatic Protection Switching information
Show system Address Resolution Protocol table entries
Show table of known autonomous system paths
bfd Show
Bidirectional Forwarding Detection information
bgp Show
Border Gateway Protocol information
Show chassis information
Show class-of-service (CoS) information
Show command-line interface settings
Show current configuration
Show circuit cross-connect connections
Show dialer information
Show DLSw information
Show Distance Vector Multicast Routing Protocolinformation
Show dynamic tunnel information information
Show end system-to-intermediate system information
Show firewall information
Show port-forwarding helper information
Show hostname information from domain name server
Show Internet Group Management Protocol information
Show Internet Key Exchange information
Show interface information
Show IP Security information



Day One: Exploring the JUNOS CLI




IP version 6 information
Integrated Services Digital Network information
Intermediate System-to-Intermediate System info...
Layer 2 circuit information
Layer 2 VPN information
Label Distribution Protocol information
LLC2 protocol related information
contents of log file
multicast listener discovery information
Multiprotocol Label Switching information
Multicast Source Discovery Protocol information
multicast information
Network Time Protocol information
Open Shortest Path First information
Open Shortest Path First version 3 information
Packet Forwarding Engine information
Pragmatic Generalized Multicast information
Protocol Independent Multicast information
interface policer counters and information
policy information
PPP over Ethernet information
Routing Information Protocol information
Routing Information Protocol for IPv6 information
routing table information
Resource Reservation Protocol information
Session Announcement Protocol information security
services information
Simple Network Management Protocol information
system information
routing protocol per-task information
Traffic Engineering Database information
software process revision levels
Virtual Router Redundancy Protocol information

For the reader with experience using Cisco IOS software, a basic
difference of JUNOS Software is that it does not use the keyword IP.
So, many of the show commands you already know work if you drop
this part of the command. For example, the IOS command show ip
route simply becomes show route in JUNOS.
The show command includes other arguments to modify the output.
For example, below are the available arguments for the show
interfaces command for the fe-1/1/1 Fast Ethernet interface:

mike@juniper1> show interfaces fe-1/1/1 ?

Possible completions:
Execute this command
Display brief output

Chapter 3: Understanding Operational Mode


Display interface description strings

Display detailed output
Display extensive output
Display media information
SNMP index of interface
Display statistics and detailed output
Display terse output

You can add these options to adjust the output listings to what you
need. Compare the show output when adding brief and terse to the
command above.
mike@juniper1> show interfaces fe-1/1/1 brief
Physical interface: fe-1/1/1 Enabled, Physic link is Down
Link-level type:Ethernet, MTU: 1514, Spped: 100mbps, Loopback:
Disabled, Source filtering: Disabled
Flow control : Enabled
Device flags : Present Running Down
Interface flags: Hardware-Down SNMP-Traps Internal: Ox4000
Link flags : None
mike@juniper1> show interfaces fe-1/1/1 terse
Admin Link Proto Local Remote
up up
at-1/3/0.0 up up inet -->


The clear commands let you reset the devices statistics to zero.

Managing Basic Operations

JUNOS Software supports standard network utilities and remote
access for management. You may recognize a few of these fundamental
commands from UNIX and other operating systems:

ping: this standard IP command tests whether other devices,

interface cards, or nodes are reachable on the network.

traceroute: this network utility reports the path taken by packets

from your device to a destination on an IP network.

ssh: this standard UNIX secure shell program opens a user shell
on another device or host on the network.

telnet: this management protocol opens a terminal connection to

another device or host on the network.



Day One: Exploring the JUNOS CLI

Using the File Commands

The file commands let you view and copy les from one location of
your device to another, from your device to a remote system, such as a
server, or from a remote system to the device. Saving and loading
conguration les on the device are helpful for:
n Archiving and backing up congurations
n Sharing conguration les across devices
n Saving and loading parts of conguration les that might be
common across many devices within a network (route lters, for
instance). To view a le use the file show command:
mike@juniper1> file show <filename>

The File Copy Command

You can manually archive les with the file copy command which
uses the same syntax as the standard UNIX cp command:
file copy /target-directory/target-filename /destinationdirectory/destination-filename

For example, to copy the current active conguration le (/config/

juniper.conf.gz) as backup.gz to the devices /var/home/user directory:
mike@juniper1> file copy /config/juniper.conf.gz /var/home/


Create a rescue conguration of a known working conguration.

If the active conguration is corrupted, the device will automatically
load the le named rescue.gz in the /config directory as the active


After copying the conguration le to a new location, always rename it

so that you dont accidentally overwrite it later when copying an
updated version of the le.
The same command lets you move the conguration le from the
server back to the devices home directory:
mike@juniper1> file copy /config/juniper.conf.gz /var/home/

Chapter 3: Understanding Operational Mode

The File List Command

Use the file


command to verify that the le arrived in your home

mike@juniper1> file list


NOTE Chapter 4 includes the steps for loading the le as the active (running)

conguration for the device.

Managing the Operating System Software

Operational mode provides commands for managing the operating
system software, including upgrading and rebooting the device, as well
as for restarting and resetting individual processes. JUNOS Software is
a modular operating system whereby independent processes run in
their own protected memory space. As such, these processes (called
daemons) can be independently managed.

The Restart Command

You can restart most JUNOS Software processes from the operational
mode (with a few daemons requiring that you must exit to a shell). Use
restart when you need to stop and then restart individual operating
system daemons.


Although each process is fully independent, take special care when

using the restart command. A restart of the SNMP process is only
disruptive to SNMP, but a restart of routing could have drastic consequences in your network!
To restart a specic routing protocol, such as OSPF, you can deactivate
and then reactivate it in conguration mode. When a problem exists
with only one protocol, this is a better approach than restarting the
entire routing daemon of JUNOS, which would affect all the routing



Day One: Exploring the JUNOS CLI

The Request Command

The request commands perform system-wide functions such as
rebooting, upgrading, and shutting down the device. This command
group also provides the ability to online, ofine, and restart individual
components without having to reboot the entire device:
mike@juniper1> request chassis fpc slot 0 restart
Restart initiated, use "show chassis fpc" to verify
user@host> show chassis fpc
CPU Utilization (%)
Memory Utilization (%)
Slot State
Total Interrupt
DRAM (MB) Heap Buffer
0 Starting
1 Online
2 Empty
3 Empty


The online technical documentation JUNOS Software Installation and

Upgrade Guide provides details about upgrading the software version
of your device. You can download the current package from the
software download page at Downloading
new software requires a current service contract and login account.


To learn more about operational mode commands, see the online

JUNOS Software CLI User Guide and JUNOS System Basics and
Services Command Reference at

Chapter 4
Discovering Conguration Mode
Introducing the Conguration Process . . . . . . . . . . . . . . .38
Entering the Conguration Mode . . . . . . . . . . . . . . . . . . .39
Understanding Conguration Mode Basics . . . . . . . . . . . .41
Editing the Conguration . . . . . . . . . . . . . . . . . . . . . . . . .46
Committing the Candidate Conguration . . . . . . . . . . . . .48
Automating Everyday Tasks . . . . . . . . . . . . . . . . . . . . . . .53
Rolling Back the Conguration . . . . . . . . . . . . . . . . . . . . .54
Preparing System Changes in Advance . . . . . . . . . . . . . . .55
Using Conguration Shortcuts . . . . . . . . . . . . . . . . . . . . .58


Day One: Exploring the JUNOS CLI

In conguration mode, as the name implies, you dene the conguration of your device. This includes conguring the management console
with its network settings, setting up user accounts for access to the
device, specifying the security measures used to protect the device and
the network, and setting up routing and switching protocols. Each
statement congures different functions of the device, specifying its
particular properties in your network.

Introducing the Conguration Process

The JUNOS CLI is thoughtfully designed to consider conguration as
a process. Thus, safeguards have been introduced that allow you to set
up and check a new conguration before it goes live. For example,
JUNOS Software captures all changes in a candidate conguration that
when completed can be committed, and only then can become the
active conguration le.
This approach substantially contrasts with other systems that use lineby-line entry and instant activation of conguration changes. Have
you ever had to make line-by-line changes in other systems, knowing
that you were creating intermediate risks, such as removing a rewall
on an interface? Perhaps you have entered a single-line change that
created unwanted or unexpected results that you could not easily
The JUNOS CLI protects you from these conguration headaches.
With the help of early customers, the Juniper engineers purposefully
designed a multi-stage conguration process. This process provides
various methods of averting difculties caused by unexpected mistakes
and other common challenges in device conguration.
Figure 4.1 outlines the three basic steps to congure a device run by
JUNOS Software. Here are the steps identied in the gure.
Where is the candidate?
Although it is easy to think
of congurations as les,
actually there is no le
associated with the
candidate conguration.
The conguration is held in
system memory.


Make changes to the candidate conguration

The candidate conguration is a copy of the active conguration.

You can enter conguration changes to the candidate through the
CLI through cut and paste, load or merge a text le with the
updated conguration changes, or enter the changes by hand
through the CLI. After making all your candidate changes, you can
review your work, including comparing the candidate to the active
(running) le.

Chapter 4: Discovering Conguration Mode


Commit your changes.

To move the candidate to become the active conguration, enter

the commit or commit confirmed commands. Before nalizing the
changeover, the software checks for certain statements within the
candidate and performs other context validations. If the device
includes preloaded commit scripts, these scripts will also check
and possibly correct errors within the candidate conguration.

Candidate becomes active.

The candidate becomes active after passing through all the validation checks. The candidate conguration becomes the active
conguration, saved as /config/juniper.conf.gz. The device
renames the previous juniper.conf.gz le to juniper.conf.1.gz.




Scripts Checks

Figure 4.1


JUNOS CLI Conguration Process Overview

The JUNOS device saves up to 49 previous active congurations. You
can roll back to any one of these backup congurations by issuing the
rollback [0 - 49] command, discussed later in this chapter.

Entering the Conguration Mode

In devices where different user accounts can make conguration
changes, the exibility to manage who is making changes and when
they make them is essential. JUNOS Software thus offers three options
for entering conguration mode:
n Standard: allows any number of users to edit the candidate
conguration simultaneously, and changes made by a single user
are visibly shared so that they can be seen by all users.
n Exclusive: locks all other users out of conguration mode until the
exclusive user closes the exclusive state.



Day One: Exploring the JUNOS CLI

n Private: provides a private conguration, whereby the device

keeps a separate candidate copy holding only the changes by the
private user.

The Congure Command

To enter the standard conguration mode, issue the configure command:
mike@juniper1> configure
Entering configuration mode


When you exit from the standard conguration mode, all the uncommitted changes you have made during your session remain in the
candidate, unless you explicitly delete them or issue a rollback 0
command to reload the active conguration as the candidate. The
users do get warning messages when logging in and out:
mike@juniper1> configure
Entering configuration mode
The configuration has been changed but not committed
mike@juniper1# exit
The configuration has been changed but not committed
Exit with uncommitted changes? [yes,no]

The Congure Exclusive Command

To lock the candidate conguration from other users, add the exclusive switch to the configure command. In congure exclusive mode,
the device discards all noncommitted changes to the conguration
once you exit the session.
mike@juniper1> configure exclusive
warning: uncommitted changes will be discarded on exit
Entering configuration mode

The Congure Private Command

You can create your own private candidate conguration by adding the
private switch to the configure command:
mike@juniper1> configure private
warning:uncommitted changes will be discarded on exit
Entering configuration mode

Chapter 4: Discovering Conguration Mode

When a private user commits changes, JUNOS Software integrates

only the candidate changes made by the private user into the active
(running) conguration. The software does not implement any pieces
of the candidate conguration changed by others. This means that
several users can use configure private to make nonconicting
changes to the active conguration at the same time. If a private user
issues a rollback 0 command, the device discards only that users
changes in candidate conguration.


If a user creates a private conguration session, other users can log in

as usual or in their own private session. When a person is already
logged in, other users are warned that another person is currently
modifying the conguration.
Use configure exclusive or configure private whenever multiple
user accounts can make changes to the conguration. This best
practice protects everyone from inadvertent errors. For instance, the
Juniper engineers heard about one event when an administrator
accidentally typed the command delete interfaces. The administrator recognized the mistake but instead of removing the statement, he
simply exited conguration mode. Later, when another user logged in
and committed the conguration, all the devices interfaces were
deleted! Fortunately, JUNOS Software made it possible to roll back to
a previous conguration.

Understanding Conguration Mode Basics

Conguration mode offers several options to view and navigate the
candidate conguration.

Viewing the Candidate Conguration

The show command displays the candidate conguration of the device.
When this command is entered from the top of the conguration
hierarchy, the CLI displays the entire candidate conguration. The
following example provides an abbreviated listing for a congured
mike@juniper1# show
version 9.2R1.3;



Day One: Exploring the JUNOS CLI

re0 {
system {
host-name juniper1;

If you havent made any conguration changes, then the candidate

conguration is the same as the active (running) conguration of the
Deeper in the hierarchy, the show command displays the conguration
from the current conguration hierarchy level and below:
[edit interfaces ge-5/0/0]
mike@juniper1# show
gigether-options {
unit 0 {
family inet {


You may have noticed that the conguration mode uses the show
command from operational mode. The commands of each mode are
independent of each other, and so the show command represents
different actions in each mode.

Navigating the Conguration

Although you can edit the conguration from the root of the hierarchy,
it is often easier to navigate to the area within the conguration you
are changing before adding and removing commands. For example, if
you were planning to add new services to the conguration, you could
issue the following series of set commands:





Chapter 4: Discovering Conguration Mode

However, it is easier to navigate to the system services directory and

then issue the following commands:
[edit system services]
mike@juniper1# set finger
mike@juniper1# set ftp
mike@juniper1# set ssh
mike@juniper1# set telnet

In either case, when you have edited the conguration, the following
lines are added to the candidate conguration:
system {
services {

The CLI provides four commands for navigation in conguration

mode: edit, up, top, and exit.
The Edit Command
Use the edit command to jump to a specic location within the
candidate conguration. The conguration mode banner changes to
indicate your new location in the hierarchy:
mike@juniper1# edit system services
[edit system services]

You do not have to issue the edit command from the top level directory. For example, to navigate to the system syslog host log hierarchy, you could issue the following command from the top level of the
mike@juniper1# edit system syslog host log
[edit system syslog host log]



Day One: Exploring the JUNOS CLI

You could also navigate to the same hierarchy by issuing the following
succession of edit commands:
mike@juniper1# edit system
[edit system]
mike@juniper1# edit syslog
[edit system syslog]
mike@juniper1# edit host log
[edit system syslog host log]

When issuing the edit command from the hierarchy, issue the relative
path based on your location in the hierarchy.

The edit command functions like the UNIX change directory (cd)
command, moving you to an exact location in the hierarchy tree.
If you navigate to a hierarchy location that doesnt exist in your
conguration yet, the CLI will create the hierarchy level. However,
explicitly adding hierarchy levels using the set command (discussed
below) helps you to know exactly what you have created.
The Up Command
The up command allows you to move up levels in the hierarchy. By
default, you move one level. You can add a number after the command
to specify how many levels to move up.
[edit interfaces fe-1/3/1 unit 0 family inet address]
mike@juniper1# up
[edit interfaces fe-1/3/1 unit 0 family inet]

In the above example, interfaces, fe-1/3/1, unit 0, family inet, and

address each represent one level within the hierarchy as
shown below from the top of the conguration hierarchy:
interfaces {
fe-1/3/1 {
unit 0 {
family inet {

Chapter 4: Discovering Conguration Mode

The Top Command

The top command allows you to move to the rst hierarchy level.
The Exit Command
The exit command returns you to the hierarchy location before the
last edit command. If you issue this command from the top level of the
conguration hierarchy, you exit conguration mode.

You can combine navigation commands together to move through the

hierarchy. For example, you can use top and edit together to move
quickly to a different part of the conguration hierarchy:
[edit protocols ospf area]
mike@juniper1# top edit system login
[edit system login]

Use top with show to display a portion of the conguration from

another section of the hierarchy:
[edit protocols ospf area]
mike@juniper1# top show system services
web-management {
http {
port 8080;

Try it Yourself: Navigating the Hierarchy

Go to the following conguration hierarchy levels using the edit, up, top, and exit commands:
[edit interfaces]
[edit interfaces fe-0/0/0]
[edit protocols bgp]
[edit protocols ldp interface fe-0/0/0.0]
[edit system]
[edit system services telnet]
[edit system syslog archive]
[edit system syslog]
[edit snmp v3]
[edit snmp v3 usm local-engine]
[edit snmp v3 target-parameters sample-parameters parameters]



Day One: Exploring the JUNOS CLI

Editing the Conguration

Create or change the candidate conguration by entering a series of
commands, including commands to add and remove conguration

The Set Command

The set command inserts a statement and values into the candidate
conguration. For example, if you want to add the FTP service to your
device, from the top of the hierarchy you issue the following set
mike@juniper1# set system services ftp

The following lines will be added to the conguration le:

system {
services {
To learn about using set
commands to congure your
device, download additional
titles of the JUNOS Software
Fundamentals Series Day One
booklets as they become
available at

You also use the set command to add statement values when required.
For example, to set the device name to juniper1, you enter the following set command:
mike@devicename # set system host-name juniper1

The following lines will be added to the conguration le:

system {
host-name juniper1;

The Delete Command

The delete command removes statements from your candidate conguration. Deleting a statement effectively returns the affected device,
protocol, or service to an uncongured state. Deleting a container
statement removes everything under that level of the hierarchy.

The delete command removes all subordinate statements and identiers. For example, the following simple line would remove all the
protocol conguration data in your candidate:
mike@juniper1# delete protocols

Chapter 4: Discovering Conguration Mode


Know where you are in the hierarchy and everything that your
command will remove when you issue a delete statement! By always
checking the [edit] banner to determine your current hierarchy location, you can be sure your command affects only the portion of the
conguration that you want to change.
If a conguration statement is empty after you delete the conguration element(s), the CLI removes that conguration statement from
the candidate conguration.

Try it Yourself: Setting and Deleting Conguration Commands

Follow these steps to set up and then delete a serial interface with the IP address
1. Enter the following set command at the top level of the conguration hierarchy:
mike@juniper1# set interfaces se-1/0/0 unit 0 family inet address

2. Use the show command to verify that the se interface was added to the conguration (In the
following example, only the added statements are shown; your conguration le should have
more data than shown):
mike@juniper1# show
interfaces {
se-1/0/0 {
unit 0 {
family inet {

3. Delete the interface using the following delete command:

mike@juniper1# delete interfaces se-1/0/0

4. Use the show command to verify that the se interface is now removed from your
conguration le.



Day One: Exploring the JUNOS CLI


When you need to remove large common pieces of the conguration

from the device, wildcards can save you time. The device can search
through the entire candidate conguration looking for a string and
delete every line that contains that string. To learn more about wildcards, go to the online JUNOS Software CLI User Guide at www. and refer to the section on Advanced Features.

The Annotate Command

The JUNOS CLI lets you leave comments about the conguration as a
part of its listing. The comments can be quite handy when you or other
team members are trying to troubleshoot a problem or need to make
conguration changes. Issue the annotate command followed by your
note when you want to include comments:
mike@juniper1# annotate system this device is for training new
JUNOS users

When you add comments in conguration mode, they are associated

with a statement at the current level. Each statement can have one
single-line comment associated with it. To delete a comment, use the
annotate command with an empty string:
mike@juniper1# annotate system ""

Committing the Candidate Conguration

The JUNOS CLI provides multiple features that help users to catch and
correct typos, omissions, and other errors before they become a problem. In addition to candidate congurations, these features include
providing le comparisons, checking candidate syntax and context,
enabling fast rollback, and restoring working congurations on
systems that become isolated after activation of a new conguration.
Figure 4.2 provides a detailed view of the le management of the
device conguration. The active (running) conguration is the operational le of the device. It is also the conguration that the device
loads during a boot sequence. The candidate conguration is the
working copy storing conguration updates. The commit commands
cause the following transitions by the device (for candidates which
pass the validation checks):

Chapter 4: Discovering Conguration Mode

1. Copies the candidate conguration to the active conguration.

At this point, the active and the candidate congurations are
2. Decrements all rollback conguration les by one and saves the active conguration as rollback 0.


rollback <n>

scp or ftp


Versions 4 to 49
held in


on hard disk

(rollback 1)

(rollback 0)



Versions 0 to 3
held in /config
on hard disk


CLI or client

system archive
on commit or every
<n> minutes

trap/syslog event on
commit, or run commit
or event script

v 49

Figure 4.2


Network Management

JUNOS Conguration File Management

The active (running) conguration le and the last three rollback
conguration les are saved in the /config directory. The device saves
the remainder of the archived conguration les in the /var/db/config

The active conguration le is named juniper.conf.gz, and the

rollback conguration les are named from juniper.conf.1.gz to
juniper.conf.49.gz (providing an archive of 50 active congurations).



Day One: Exploring the JUNOS CLI

The Compare Command

Conguration mode conveniently provides a way to display the
congured differences between two congurations with the show
compare command.

The following example modies a candidate conguration by enabling

Telnet access and removing SSH and J-Web access:
[edit system]
mike@juniper1# set services telnet
[edit system]
mike@juniper1# delete services web-management
[edit system]
mike@juniper1# delete services ssh

Now display the resulting changes in the candidate compared to the

active conguration:
[edit system services]
mike@juniper1# show | compare
- ssh;
+ telnet;
- web-management {
http {
port 8080;
- }

The command interface indicates new lines in the candidate with a plus
(+) sign and those removed with a minus (-) sign.
SHORT CUT The operational mode command show configuration displays the

current active (running) conguration. You can perform this command

in conguration mode by adding the keyword run:
mike@juniper1# run show configuration

The Commit Check Command

The CLI also provides a command to check that the system can process
your candidate conguration. The commit check command validates
the logic and completeness of the candidate without activating any

Chapter 4: Discovering Conguration Mode

changes. These are the same validations that run when you commit a
candidate. If the system nds a problem in the candidate conguration,
it lets you know:
mike@juniper1# commit check
[edit interfaces lo0 unit 0 family inet]
Loopback addresses' prefix must be 32 bits
error: configuration check-out failed

BEST PRACTICE Before activating a candidate as the running conguration, always

check your work. Use the show | compare command to ensure all of
the expected conguration elements and parameters are a part of the
candidate. Enter the commit check command to have the system
validate your candidate conguration without activating the changes.

The Commit Command

The candidate le is only the proposed conguration, and your device
does not use any of this conguration until you issue a commit command. After you have entered all desired changes and you have doublechecked your work, you are ready to activate your candidate as the
active (running) conguration.
To activate the candidate conguration, enter the commit command:
mike@juniper1# commit
commit complete

Before actually activating the candidate conguration, JUNOS Software checks basic syntax and semantics. For example, the software
makes sure that a policy has been dened before it is referenced. If any
syntax or semantic problems are found, the commit command returns
an error:
mike@juniper1# commit
error: Policy error: Policy my-policy referenced but not defined
error: BGP: export list not applied
error: configuration check-out failed

You must x all mistakes before the candidate (or any part of the
candidate) can become active.



Day One: Exploring the JUNOS CLI

The commit complete message tells you that the new conguration is
up and running on the device:
mike@juniper1# commit
commit complete


By default, if more than one user is modifying the conguration,

committing the conguration saves and activates the changes of all
users (unless a user is in congure private mode; see pages 4041).

The Commit Conrmed Command

Are you among those of us who have made the mistake of adding
security to a remote box, only to discover the new rewall locked you
out of the very interface that you were using to access the device? Do
you have a story about the time you accidentally isolated a remote box
and then had to jump in the car and drive for four hours in the middle
of the night just to reset it? The commit confirmed command can
prevent costly conguration mistakes by automatically rolling back
problematic congurations.
The commit confirmed command commits a candidate conguration
for 10 minutes. If you dont then follow up with a second commit
command, the device automatically rolls back to the previous conguration. You can use the commit confirmed command anytime you want
a safety net against potential conguration problems:
mike@juniper1# commit confirmed
commit confirmed will be automatically rolled back in 10 minutes
unless confirmed
commit complete

If everything looks good, then you need to commit the new conguration a second time for the conguration to become permanent:
mike@juniper1# commit
commit complete

If you do not conrm the conguration by entering a second commit

command, the CLI will roll back the device to the previous active conguration at the end of the 10 minutes. In this way, if you have accidently isolated the device, you simply need to wait for the rollback
instead of agonizing over how you are going to otherwise undo your

Chapter 4: Discovering Conguration Mode

Broadcast Message from root@juniper1

(no tty) at 08:10:17 UTC
Commit was not confirmed; automatic rollback complete.

After the device rolls back, check for errors in the candidate conguration, and then try the commit command again.
You can alter the time that the device waits before rolling back by
adding a wait-time (in minutes) to the command:
mike@juniper1# commit confirmed 2
commit confirm will be automatically rolled back in 2 minutes
unless confirmed commit complete


When you are conguring remote devices, always use the commit
confirmed command to activate your candidate conguration. Even
the most experienced JUNOS users want the insurance policy it
provides to their work, and many have a story to tell about the day it
saved them from their own mistake and lots of extra work.

Automating Everyday Tasks

You can optimize your work by adding automated scripting to your
repertoire. JUNOScript lets you automate, in your own way, both
conguration and operational CLI commands. Using automated
scripting can not only save you time, but can also reduce downtime by
preventing conguration errors and speeding problem resolution and
Commit scripts enable customized checks of congurations to ensure
that they are in compliance with your network standards and policies.
Op and event scripts can receive command output, inspect it, and
determine the next appropriate actionrepeating the process until a
problems source has been found.

For instructions on implementing scripts, see the Conguration and

Diagnostic Automation Guide at



Day One: Exploring the JUNOS CLI

Rolling Back the Conguration

Whenever you commit the candidate conguration as the new active
conguration, JUNOS Software automatically saves a copy of the
replaced active le. As you store each newly replaced conguration, all
the prior conguration les move back one version number further in
the conguration archive. Each device can store up to 49 of the most
recently active versions along with the current active conguration
(also known as rollback 0).
You can access this conguration archive using the rollback command, including the number of versions you want to go back. Return
to the most recent previous conguration le using the rollback 1
mike@juniper1# rollback 1
load complete

The rollback rescue

command loads the rescue
conguration le (see the
BEST PRACTICE tip on page
34 for more information).

The rollback command loads the requested archive as the candidate

le. If you want to use it immediately, rst make sure its what you
want by using the show command, and then activate it with the commit
mike@juniper1# show
mike@juniper1# commit
commit complete

This automatic backup mechanism lets you return quickly to a previous conguration for immediate use or for fast updates.


Dont forget its necessary to commit the candidate le to actually

activate the selected rollback le as the running conguration.
If you arent sure what differences exist between the active (running)
conguration and a rollback le, investigate with the show | compare
[edit interfaces]
mike@juniper1# show | compare rollback 2
[edit interfaces]

Chapter 4: Discovering Conguration Mode

- fe-3/0/1 {
unit 240 {
vlan-id 240;
family inet {
address {
- }


Use the question mark with the rollback command to list the full
mike@juniper1# rollback ?
Possible completions:
Execute this command
2009-01-31 04:34:56 UTC
2009-01-31 04:30:03 UTC
2009-01-30 06:23:44 UTC
2008-11-03 08:00:03 UTC
2008-11-03 07:45:21 UTC
Pipe through a command


by mike via cli

by mike via cli
by mike via cli
by mike via cli
by mike via cli

To reset the candidate conguration to the currently active conguration use the rollback (or rollback 0) command.

Preparing System Changes in Advance

The JUNOS CLI provides options for making system changes in
advance. These options can remain inactive parts of your conguration
until needed or become scheduled elements with a set activation time.

Preconguration of New Hardware

Unlike other systems, JUNOS Software lets you prepare for an installation before actually installing the hardware. The software simply
ignores any parts of the running conguration that are irrelevant to



Day One: Exploring the JUNOS CLI

the existing hardware installation. Whenever the hardware becomes

available, the newly added section of the conguration then becomes
The option to set up a conguration before hardware installation is
quite useful, especially when the person installing the hardware is
different from the person conguring the device, a common occurrence
for remote boxes. Here is a conguration for fe-3/0/0, for example,
which could be installed tomorrow:
mike@juniper1# edit interfaces fe-3/0/0 unit 0
[edit interfaces fe-3/0/0 unit 0]
mike@juniper1# set family inet address
[edit interfaces fe-3/0/0 unit 0]
mike@juniper1# commit
commit complete

The Commit At Command

Sometimes you want to prepare conguration changes for activation at
a specic time, such as during a maintenance window. The commit at
command provides this option:
mike@juniper1# commit at 02:00:00
commit check succeeds
commit will be executed at 2009-02-02 02:00:00 UTC
Exiting configuration mode

To display any pending commit operations (and the commit history),

enter the show system commit command. You can cancel a pending
commit operation with the clear system commit command.
mike@juniper1>clear system commit
Pending commit cleared

The Deactivate Command

You can also make conguration changes and mark them as inactive
until you are ready to use them. The device ignores these portions of
the conguration as though they were not even dened. In this exam-

Chapter 4: Discovering Conguration Mode

ple, a new BGP neighbor at is congured but left deactivated until the session is ready to be introduced:
mike@juniper1# edit protocols bgp group internal
[edit protocols bgp group internal]
mike@juniper1# set neighbor
[edit protocols bgp group internal]
mike@juniper1# deactivate neighbor
[edit protocols bgp group internal]
mike@juniper1# show
type internal;
export [ nhs accept-aggregates ];
inactive: neighbor;
[edit protocols bgp group internal]
mike@juniper1# commit
commit complete

When youre ready to make the change, you just activate and commit
that portion of the conguration, and the device will begin using it:
[edit protocols bgp group internal]
mike@juniper1# activate neighbor
[edit protocols bgp group internal]
mike@juniper1# commit
commit complete

You can deactivate any portion of the conguration hierarchy, and the
device ignores everything underneath it. For example, you can deactivate the entire group of BGP neighbors called internal:
[edit protocols bgp group internal]
mike@juniper1# up
[edit protocols bgp]
mike@juniper1# deactivate group internal



Day One: Exploring the JUNOS CLI

Using Conguration Shortcuts

A typical conguration includes many similar elements named and
dened by the user, such as interface names, policy statements, and
rewall lters. The JUNOS CLI includes commands to duplicate and
quickly change the congurations of these user-dened elements.

The Copy Command

The copy command duplicates a conguration statement along with
all the subordinate statements congured underneath it. In using the
command, you copy the conguration associated with one user-dened
element to a new, similarly congured element. You then modify that
second element with any needed changes.
The following sample conguration shows a congured serial interface
[edit interfaces]
mike@juniper1# show
se-0/0/2 {
serial-options {
clocking-mode dce;
clock-rate 125.0khz;
unit 0 {
family inet {

You can use the copy command to set up a new interface se-0/0/1. The
duplicated interface has exactly the same parameters as the original.
You can then make any needed changes in the conguration of the
newly created interface se-0/0/1; for example, you can change its
[edit interfaces]
mike@juniper1# copy se-0/0/2 to se-0/0/1
[edit interfaces]
mike@juniper1# delete se-0/0/1 unit 0 family inet address

Chapter 4: Discovering Conguration Mode

Youve now deleted the copied address. Replace it with the correct
address for the new interface:
[edit interfaces]
mike@juniper1# set se-0/0/1 unit 0 family inet address

Very quickly, the new se-0/0/1 interface has been created, keeping most
of the same properties as the se-0/0/2 interface:
[edit interfaces]
mike@juniper1# show
se-0/0/1 {
serial-options {
clocking-mode dce;
clock-rate 125.0khz;
unit 0 {
family inet {
se-0/0/2 {
serial-options {
clocking-mode dce;
clock-rate 125.0khz;
unit 0 {
family inet {


Before commiting the candidate le, be sure to check your edits when
changing the conguration with the copy command. Check that you
made all the modications needed in all the duplicated statements.
Remember, the conguration might not be valid immediately after you
have copied a portion of the conguration. You must check the validity
of the new conguration and, if necessary, make modications for the
conguration to be valid.



Day One: Exploring the JUNOS CLI

The Rename Command

The rename command is a convenient shortcut when you need to alter
the value of a user-dened variablesuch as policy names, lter
names, or IP addressesor to change the name of a user-dened
In the next example, the address of the Fast Ethernet fe-4/0/2 interface
has been incorrectly set to
[edit interfaces]
mike@juniper1# show
fe-4/0/2 {
unit 0 {
family inet {

Use the rename command to change the value to

[edit interfaces]
mike@juniper1# rename fe-4/0/2 unit 0 family inet address to address

Check to see that the change is quickly completed:

[edit interfaces]
mike@juniper1# show
fe-4/0/2 {
unit 0 {
family inet {


Alternatively, instead of using rename, you can use the delete command to remove the statement and then use the set command to add
the new value.

Chapter 4: Discovering Conguration Mode

Switching Ports: A Useful Conguration Trick

How many times have you had to temporarily move a connection to
another port just to test it? In JUNOS Software, the process is simple.
Follow this example, as the conguration is moved from fe-2/0/1 to fe2/0/0.
Begin by looking at the existing interface conguration:
mike@juniper1# show interfaces
fe-0/0/0 {
unit 0 {
family inet {
fe-2/0/1 {
unit 240 {
vlan-id 240;
family inet {

The following moves the port in the candidate le:

mike@juniper1# rename interfaces fe-2/0/1 to fe-2/0/0

The candidate conguration now shows this move:

[edit] show interfaces
fe-0/0/0 {
unit 0 {
family inet {
fe-2/0/0 {



Day One: Exploring the JUNOS CLI

unit 240 {
vlan-id 240;
family inet {


To learn more about conguration mode commands, see the online

JUNOS Software CLI User Guide at

What to Do Next & Where to Go ...
Everything you need for JUNOS Software adoption and education.
The Juniper-sponsored J-Net Communities forum is dedicated to
sharing information, best practices, and questions about Juniper
products, technologies, and solutions. Register to participate in this
free forum.
All product documentation developed by Juniper Networks is freely
accessible at this site. Find what you need to know about JUNOS
Software under each product line.
Juniper works with multiple book publishers to author and publish
technical books on topics essential to network administrators. Check
out their ever-expanding list of newly published books.
Take courses online, on location, or at one of the partner training
centers around the world. The Juniper Network Technical Certication Program (JNTCP) allows you to earn certications by demonstrating competence in conguration and troubleshooting of Juniper
products. If you want the fast track to earning your certications in
enterprise routing, switching, or security, use the available online
courses, student guides, and lab guides.
Do you have a comment about this Day One booklet? Drop us an email at

Command Reference
(Summary of commands discussed in this Day One booklet.)

Conguration Mode Commands

Operational Mode Commands

activate Activate a portion of the conguration.

clear Remove system information.

annotate Leave comments about a conguration


congure Enter conguration mode.

commit Commit candidate set of changes.

commit at Commit candidate at a set time.
commit check Validate the candidate conguration
without activating any changes.
commit conrmed Automate rollback if the user does
not follow the command with a conrmation.
compare Display the differences between the two

congure exclusive Get an exclusive lock on the

candidate so others cant edit it.
congure private Give the user their own copy of the
candidate conguration.
exit Exit operational mode.
le copy Create and archive les.
le list List les and directories on the device.
le show View the le contents.

copy Copy a statement.

help Get onboard help.

deactivate Mark portions of the conguration as


monitor Show real-time debugging information.

delete Remove a conguration statement(s) or

edit Move to the designated hierarchy level.
exit Exit this level of the conguration hierarchy. At
the top level, exit conguration mode.
exit conguration-mode Exit conguration mode.
help Get onboard help.
pipe Take output from one command and use it as
input to another command or redirect the output to a
rename Assign a new name to a conguration or
rollback Restore the candidate le to a previous
committed conguration.
run Run an operational mode command.
set Create a statement hierarchy and set identier
show Display the candidate conguration.
top Move to the rst hierarchy level.
up Move up one level in the hierarchy.

ping Send a message to another host to verify

pipe Take output from one command and use it as
input to another command or redirect the output to a
request Install new software versions, reboot, shut
restart Restart individual operating system daemons.
set Establish system properties.
show Show system information.
ssh Start secure shell on another host.
start shell Log in to the C shell interface.
telnet Open a terminal connection to another device or
host on the network.
traceroute Record and display every IP packet hop
from one location to another.

You might also like